/*
	wsseapi.h

	WS-Security plugin.

	See wsseapi.c for documentation and details.

gSOAP XML Web services tools
Copyright (C) 2000-2015, Robert van Engelen, Genivia Inc., All Rights Reserved.
This part of the software is released under one of the following licenses:
GPL or the gSOAP public license.
--------------------------------------------------------------------------------
gSOAP public license.

The contents of this file are subject to the gSOAP Public License Version 1.3
(the "License"); you may not use this file except in compliance with the
License. You may obtain a copy of the License at
http://www.cs.fsu.edu/~engelen/soaplicense.html
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the License.

The Initial Developer of the Original Code is Robert A. van Engelen.
Copyright (C) 2000-2015, Robert van Engelen, Genivia Inc., All Rights Reserved.
--------------------------------------------------------------------------------
GPL license.

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place, Suite 330, Boston, MA 02111-1307 USA

Author contact information:
engelen@genivia.com / engelen@acm.org

This program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed.
--------------------------------------------------------------------------------
A commercial use license is available from Genivia, Inc., contact@genivia.com
--------------------------------------------------------------------------------
*/

#ifndef WSSEAPI_H
#define WSSEAPI_H

/* When using soapcpp2 option -q<name> or -p<name>, you need to change "soapH.h" below */

/* include soapH.h generated by soapcpp2 from .h file containing #import "wsse.h" */
#ifdef SOAP_H_FILE      /* if set, use the soapcpp2-generated fileH.h file as specified with: cc ... -DSOAP_H_FILE=fileH.h */
# include "stdsoap2.h"
# include SOAP_XSTRINGIFY(SOAP_H_FILE)
#else
# include "soapH.h"	/* or manually replace with soapcpp2-generated *H.h file */
#endif

#include "smdevp.h"
#include "mecevp.h"

#ifdef __cplusplus
extern "C" {
#endif

/** plugin identification for plugin registry */
#define SOAP_WSSE_ID "SOAP-WSSE/1.5"

/** to ignore extra/external SignedInfo/Reference/@URI */
#define SOAP_WSSE_IGNORE_EXTRA_REFS (0x1000)

/** plugin identification for plugin registry */
extern const char soap_wsse_id[];

/**
@struct soap_wsse_data
@brief wsseapi plugin data

The signature key (private) and verification key (public) are kept in the
plugin data, together with other info.
*/
struct soap_wsse_data {
  const char *sigid;		/**< string with wsu:Id names to sign */
  const char *encid;		/**< string with wsu:Id names to encrypt */
  const char *prefixlist;	/**< string with c14n PrefixList to send, or NULL */
  int sign_alg;			/**< The digest or signature algorithm used */
  const void *sign_key;		/**< EVP_PKEY or key string for HMAC */
  int sign_keylen;		/**< HMAC key length */
  int vrfy_alg;			/**< The signature verify algorithm used */
  const void *vrfy_key;		/**< EVP_PKEY or key string for HMAC verify */
  int vrfy_keylen;		/**< HMAC key length */
  int enco_alg;			/**< current encrypt algorithm used */
  const char *enco_keyname;	/**< optional key name (id of symmetric key) */
  const void *enco_key;		/**< EVP_PKEY or secret key */
  int enco_keylen;		/**< secret key length */
  int deco_alg;			/**< decrypt algorithm used */
  const void *deco_key;		/**< EVP_PKEY or secret key */
  int deco_keylen;		/**< secret key length */
  struct soap_wsse_digest *digest;	/**< List of ID-hash pairs */
  int (*fpreparesend)(struct soap*, const char*, size_t);
  int (*fpreparefinalsend)(struct soap*);
  int (*fpreparefinalrecv)(struct soap*);
  struct soap_mec_data *mec;
  X509_STORE *store;
  const void *(*security_token_handler)(struct soap *soap, int *alg, const char *keyname, const unsigned char *keyid, int keyidlen, int *keylen);
};

/**
@struct soap_wsse_digest
@brief Digest dictionary: linked list of ID-hash pairs

The digest dictionary is populated by the soap_wsse_preparesend callback. The
callback intercepts XML elements with wsu:Id attributes and computes the digest
during the preprocessing of a message transmission. The 'level' field is used
to determine when the end of an element is reached by handling inner wsu:Id
attributed elements, so that the outer wsu:Id attributed element can be hashed.
*/
struct soap_wsse_digest {
  struct soap_wsse_digest *next;	/**< Next in list */
  int done;			        /**< done when digest is computed */
  unsigned int level;			/**< XML element level */
  struct soap_smd_data smd;		/**< smdevp engine context */
  unsigned char hash[SOAP_SMD_MAX_SIZE];/**< Digest hash value */
  char id[1];				/**< String flows down the struct */
};

extern const char *wsse_PasswordTextURI;
extern const char *wsse_PasswordDigestURI;
extern const char *wsse_Base64BinaryURI;
extern const char *wsse_X509v3URI;
extern const char *wsse_X509v3SubjectKeyIdentifierURI;

extern const char *ds_sha1URI;
extern const char *ds_sha256URI;
extern const char *ds_sha512URI;
extern const char *ds_hmac_sha1URI;
extern const char *ds_hmac_sha256URI;
extern const char *ds_hmac_sha512URI;
extern const char *ds_dsa_sha1URI;
extern const char *ds_rsa_sha1URI;
extern const char *ds_rsa_sha256URI;
extern const char *ds_rsa_sha512URI;

extern const char *xenc_3desURI;
extern const char *xenc_aes128cbcURI;
extern const char *xenc_aes192cbcURI;
extern const char *xenc_aes256cbcURI;
extern const char *xenc_aes512cbcURI;
extern const char *xenc_aes128gcmURI;
extern const char *xenc_aes192gcmURI;
extern const char *xenc_aes256gcmURI;
extern const char *xenc_aes512gcmURI;

extern const char *xenc_elementURI;
extern const char *xenc_contentURI;

extern const char *xenc_rsa15URI;
extern const char *xenc_rsaesURI;

extern const char *ds_URI;
extern const char *c14n_URI;
extern const char *wsu_URI;

SOAP_FMAC1 struct _wsse__Security * SOAP_FMAC2 soap_wsse_add_Security(struct soap *soap);
SOAP_FMAC1 struct _wsse__Security * SOAP_FMAC2 soap_wsse_add_Security_actor(struct soap *soap, const char *actor);
SOAP_FMAC1 void SOAP_FMAC2 soap_wsse_delete_Security(struct soap *soap);
SOAP_FMAC1 struct _wsse__Security * SOAP_FMAC2 soap_wsse_Security(struct soap *soap);

SOAP_FMAC1 struct ds__SignatureType * SOAP_FMAC2 soap_wsse_add_Signature(struct soap *soap);
SOAP_FMAC1 void SOAP_FMAC2 soap_wsse_delete_Signature(struct soap *soap);
SOAP_FMAC1 struct ds__SignatureType * SOAP_FMAC2 soap_wsse_Signature(struct soap *soap);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_Timestamp(struct soap *soap, const char *id, time_t lifetime);
SOAP_FMAC1 struct _wsu__Timestamp * SOAP_FMAC2 soap_wsse_Timestamp(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_Timestamp(struct soap *soap);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_UsernameTokenText(struct soap *soap, const char *id, const char *username, const char *password);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_UsernameTokenDigest(struct soap *soap, const char *id, const char *username, const char *password);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_UsernameTokenDigest_at(struct soap *soap, const char *id, const char *username, const char *password, time_t when);
SOAP_FMAC1 struct _wsse__UsernameToken * SOAP_FMAC2 soap_wsse_UsernameToken(struct soap *soap, const char *id);
SOAP_FMAC1 const char * SOAP_FMAC2 soap_wsse_get_Username(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_Password(struct soap *soap, const char *password);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_BinarySecurityToken(struct soap *soap, const char *id, const char *valueType, const unsigned char *data, int size);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_BinarySecurityTokenX509(struct soap *soap, const char *id, X509 *cert);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_BinarySecurityTokenPEM(struct soap *soap, const char *id, const char *filename);
SOAP_FMAC1 struct _wsse__BinarySecurityToken * SOAP_FMAC2 soap_wsse_BinarySecurityToken(struct soap *soap, const char *id);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_get_BinarySecurityToken(struct soap *soap, const char *id, char **valueType, unsigned char **data, int *size);
SOAP_FMAC1 X509 * SOAP_FMAC2 soap_wsse_get_BinarySecurityTokenX509(struct soap *soap, const char *id);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_X509(struct soap *soap, X509 *cert);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_SecurityContextToken(struct soap *soap, const char *id, const char *identifier);
SOAP_FMAC1 const char * SOAP_FMAC2 soap_wsse_get_SecurityContextToken(struct soap *soap);

SOAP_FMAC1 struct ds__SignedInfoType * SOAP_FMAC2 soap_wsse_add_SignedInfo(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_SignedInfo_Reference(struct soap *soap, const char *URI, unsigned int level, const char *transform, const char *inclusiveNamespaces, int alg, const char *HA);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_SignedInfo_SignatureMethod(struct soap *soap, const char *method, int canonical);
SOAP_FMAC1 struct ds__SignedInfoType * SOAP_FMAC2 soap_wsse_SignedInfo(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_get_SignedInfo_SignatureMethod(struct soap *soap, int *alg, int *bits);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_SignatureValue(struct soap *soap, int alg, const void *key, int keylen);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_Signature(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_SignatureValue(struct soap *soap, int alg, const void *key, int keylen);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_SignedInfo(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_digest(struct soap *soap, int alg, int canonical, const char *id, unsigned char hash[SOAP_SMD_MAX_SIZE]);

SOAP_FMAC1 struct ds__KeyInfoType * SOAP_FMAC2 soap_wsse_add_KeyInfo(struct soap *soap);
SOAP_FMAC1 struct ds__KeyInfoType * SOAP_FMAC2 soap_wsse_KeyInfo(struct soap *soap);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_KeyInfo_KeyName(struct soap *soap, const char *name);
SOAP_FMAC1 const char * SOAP_FMAC2 soap_wsse_get_KeyInfo_KeyName(struct soap *soap);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_KeyInfo_SecurityTokenReferenceURI(struct soap *soap, const char *URI, const char *valueType);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_KeyInfo_SecurityTokenReferenceX509(struct soap *soap, const char *URI);
SOAP_FMAC1 const char * SOAP_FMAC2 soap_wsse_get_KeyInfo_SecurityTokenReferenceURI(struct soap *soap);
SOAP_FMAC1 const char * SOAP_FMAC2 soap_wsse_get_KeyInfo_SecurityTokenReferenceValueType(struct soap *soap);
SOAP_FMAC1 X509 * SOAP_FMAC2 soap_wsse_get_KeyInfo_SecurityTokenReferenceX509(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_KeyInfo_X509Certificate(struct soap *soap, X509 *cert);
SOAP_FMAC1 struct ds__X509IssuerSerialType * SOAP_FMAC2 soap_wsse_get_KeyInfo_SecurityTokenReferenceX509Data(struct soap *soap);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_KeyInfo_SecurityTokenReferenceKeyIdentifier(struct soap *soap, const char *id, const char *valueType, unsigned char *data, int size);
SOAP_FMAC1 const char * SOAP_FMAC2 soap_wsse_get_KeyInfo_SecurityTokenReferenceKeyIdentifierValueType(struct soap *soap, ds__KeyInfoType *keyInfo);
SOAP_FMAC1 const unsigned char * SOAP_FMAC2 soap_wsse_get_KeyInfo_SecurityTokenReferenceKeyIdentifier(struct soap *soap, ds__KeyInfoType *keyInfo, int *size);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_KeyInfo_SecurityTokenReferenceEmbedded(struct soap *soap, const char *id, const char *valueType);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_EncryptedData_KeyInfo_KeyName(struct soap *soap, const char *keyname);

#ifdef SOAP_NAMESPACE_OF_saml1
SOAP_FMAC1 saml1__AssertionType * SOAP_FMAC2 soap_wsse_add_saml1(struct soap *soap, const char *wsuId);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_sign_saml1(struct soap *soap, saml1__AssertionType *assertion, int alg, const void *key, int keylen, X509 *cert);
SOAP_FMAC1 saml1__AssertionType * SOAP_FMAC2 soap_wsse_get_saml1(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_saml1(struct soap *soap, saml1__AssertionType *saml1);
#endif

#ifdef SOAP_NAMESPACE_OF_saml2
SOAP_FMAC1 saml2__AssertionType * SOAP_FMAC2 soap_wsse_add_saml2(struct soap *soap, const char *wsuId);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_sign_saml2(struct soap *soap, saml2__AssertionType *assertion, int alg, const void *key, int keylen, X509 *cert);
SOAP_FMAC1 saml2__AssertionType * SOAP_FMAC2 soap_wsse_get_saml2(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_saml2(struct soap *soap, saml2__AssertionType *saml2);
#endif

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_sender_fault_subcode(struct soap *soap, const char *faultsubcode, const char *faultstring, const char *faultdetail);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_receiver_fault_subcode(struct soap *soap, const char *faultsubcode, const char *faultstring, const char *faultdetail);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_sender_fault(struct soap *soap, const char *faultstring, const char *faultdetail);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_receiver_fault(struct soap *soap, const char *faultstring, const char *faultdetail);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_fault(struct soap *soap, enum wsse__FaultcodeEnum fault, const char *detail);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse(struct soap *soap, struct soap_plugin *p, void *arg);

SOAP_FMAC1 void SOAP_FMAC2 soap_wsse_rand_nonce(char *nonce, size_t noncelen);

SOAP_FMAC1 int SOAP_FMAC2 soap_pmd5(struct soap *soap, const char *hmac_key, size_t hmac_key_len, const char *secret, size_t secretlen, char *pmd5, size_t pmd5len);
SOAP_FMAC1 int SOAP_FMAC2 soap_psha1(struct soap *soap, const char *hmac_key, size_t hmac_key_len, const char *secret, size_t secretlen, char *psha1, size_t psha1len);
SOAP_FMAC1 int SOAP_FMAC2 soap_psha256(struct soap *soap, const char *hmac_key, size_t hmac_key_len, const char *secret, size_t secretlen, char *psha256, size_t psha256len);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_sign(struct soap *soap, int alg, const void *key, int keylen);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_sign_body(struct soap *soap, int alg, const void *key, int keylen);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_init(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_auto(struct soap *soap, int alg, const void *key, size_t keylen);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_done(struct soap *soap);
SOAP_FMAC1 size_t SOAP_FMAC2 soap_wsse_verify_element(struct soap *soap, const char *URI, const char *tag);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_body(struct soap *soap);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_with_signature(struct soap *soap, _ds__Signature *signature);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_set_security_token_handler(struct soap *soap, const void *(*callback)(struct soap*, int *alg, const char *keyname, const unsigned char *keyid, int keyidlen, int *keylen));
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_set_wsu_id(struct soap *soap, const char *tags);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_set_InclusiveNamespaces(struct soap *soap, const char *prefixlist);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_sign_only(struct soap *soap, const char *tags);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_EncryptedKey(struct soap *soap, int alg, const char *URI, X509 *cert, const char *subjectkeyid, const char *issuer, const char *serial);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_EncryptedKey_encrypt_only(struct soap *soap, int alg, const char *URI, X509 *cert, const char *subjectkeyid, const char *issuer, const char *serial, const char *tags);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_verify_EncryptedKey(struct soap *soap);
SOAP_FMAC1 void SOAP_FMAC2 soap_wsse_delete_EncryptedKey(struct soap *soap);
SOAP_FMAC1 struct xenc__EncryptedKeyType * SOAP_FMAC2 soap_wsse_EncryptedKey(struct soap *soap);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_EncryptedKey_DataReferenceURI(struct soap *soap, const char *URI);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_add_DataReferenceURI(struct soap *soap, const char *URI);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_encrypt_body(struct soap *soap, int alg, const void *key, int keylen);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_encrypt_only(struct soap *soap, int alg, const void *key, int keylen, const char *tags);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_encrypt(struct soap *soap, int alg, const void *key, int keylen);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_decrypt_auto(struct soap *soap, int alg, const void *key, int keylen);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_encrypt_begin(struct soap *soap, const char *id, int alg, const char *URI, const char *keyname, const unsigned char *key, const char *type);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_encrypt_end(struct soap *soap);

SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_decrypt_begin(struct soap *soap);
SOAP_FMAC1 int SOAP_FMAC2 soap_wsse_decrypt_end(struct soap *soap);

#ifdef __cplusplus
}
#endif

/**
@fn void soap_default_xsd__anyType(struct soap *soap, struct soap_dom_element *node)
@brief Initializes a DOM element node.
@param soap context
@param node pointer to DOM element node.
*/
SOAP_FMAC1 void SOAP_FMAC2 soap_default_xsd__anyType(struct soap*, struct soap_dom_element *node);

/**
@fn int soap_out_xsd__anyType(struct soap *soap, const char *tag, int id, const struct soap_dom_element *node, const char *type)
@brief Output a DOM element node.
@param soap context
@param[out] tag XML element tag name
@param[out] id integer ref id value or zero if none
@param[out] node pointer to DOM element node to send
@param[out] type xsi:type or NULL
*/
SOAP_FMAC1 int SOAP_FMAC2 soap_out_xsd__anyType(struct soap *soap, const char *tag, int id, const struct soap_dom_element *node, const char *type);

/**
@fn struct soap_dom_element *soap_in_xsd__anyType(struct soap *soap, const char *tag, struct soap_dom_element *node, const char *type)
@brief Input a DOM element node.
@param soap context
@param[out] tag XML element tag name to verify or NULL
@param[in] node pointer to DOM element node to parse
@param[out] type xsi:type to verify or NULL
*/
SOAP_FMAC1 struct soap_dom_element * SOAP_FMAC2 soap_in_xsd__anyType(struct soap *soap, const char *tag, struct soap_dom_element *node, const char *type);

#endif
